suicidaleggroll

joined 3 months ago
[–] suicidaleggroll@lemm.ee 5 points 3 months ago* (last edited 3 months ago)

Main reason is that if you don't already have the right key, VPN doesn't even respond, it's just a black hole where all packets get dropped. SSH on the other hand will respond whether or not you have a password or a key, which lets the attacker know that there's something there listening.

That's not to say SSH is insecure, I think it's fine to expose once you take some basic steps to lock it down, just answering the question.

[–] suicidaleggroll@lemm.ee 4 points 3 months ago* (last edited 3 months ago)

> Some people move the port to a nonstandard one, but that only helps with automated scanners, not determined attackers.

While true, cleaning up your logs such that you can actually see a determined attacker rather than it just getting buried in the noise is still worthwhile.

[–] suicidaleggroll@lemm.ee 4 points 3 months ago

Reverse proxy + DNS-challenge wildcard cert for your domain. The end. Super easy to set up and zero maintenance. Adding a new service is just a couple clicks in your reverse proxy and you’re done.

[–] suicidaleggroll@lemm.ee 7 points 3 months ago* (last edited 3 months ago) (3 children)

Yes at a cursory glance that's true. AI generated images don't involve the abuse of children, that's great. The problem is what the follow-on effects of this are. What's to stop actual child abusers from just photoshopping a 6th finger onto their images and then claiming that it's AI generated?

AI image generation is getting absurdly good now, nearly indistinguishable from actual pictures. By the end of the year I suspect they will be truly indistinguishable. When that happens, how do you tell which images are AI generated and which are real? How do you know who is peddling real CP and who isn't if AI-generated CP is legal?

[–] suicidaleggroll@lemm.ee 9 points 3 months ago

It wouldn't matter. The public doesn't listen directly to politicians, it gets filtered through the media first, and the media picks and chooses which parts they actually report. The people who would actually hear this already know. The people who would need to hear it never will because Fox won't show it to them.

[–] suicidaleggroll@lemm.ee 22 points 3 months ago* (last edited 3 months ago) (3 children)

The complaint isn’t about the colon in OP’s image, it’s the colon in OP’s explanation.

OP complaining about an insignificant capitalization mistake in a Twitter post, while making a far more egregious grammatical error in their explanation is just...*chef's kiss*

[–] suicidaleggroll@lemm.ee 3 points 3 months ago* (last edited 3 months ago)

I don't understand why everything isn't just rated in Wh or mWh. It gives them a bigger number to advertise and it's voltage-independent. Sure there are load-dependent conversion efficiencies that complicate things a bit, but nobody is going to get up in arms about a 5% deviation from the advertised spec due to less than ideal conversion efficiency. Compared to trying to figure out how many recharge cycles I'll get on my 5000mAh laptop battery from my 20000mAh power bank (what voltage is that laptop battery running at again?) a 5% efficiency drop is a big nothing burger.

[–] suicidaleggroll@lemm.ee 0 points 3 months ago

> it gives people the option to use an alternate app store if they want but it doesn’t force anyone to.

That argument sounds great in theory, but would break down after a month or less, when companies start moving their apps off of Apple’s App Store and onto a 3rd party store that allows all the spyware Apple has forced them to remove if they want to have an iOS market. This move DOES force people to use alternate app stores when companies start moving (not copying, moving) their apps over to said stores to take advantage of the drop in oversight.

[–] suicidaleggroll@lemm.ee 16 points 3 months ago* (last edited 3 months ago) (1 children)

Same, I don't let Docker manage volumes for anything. If I need it to be persistent I bind mount it to a subdirectory of the container itself. It makes backups so much easier as well since you can just stop all containers, back up everything in ~/docker or wherever you put all of your compose files and volumes, and then restart them all.

It also means you can go hog wild with `docker system prune -af --volumes` and there's no risk of losing any of your data.
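The stop, archive, restart routine described in the comment above, as an added example that is not part of the original comment. The one-directory-per-project layout under `~/docker`, the backup location and the function names are assumptions; the named-volume check is a heuristic added here to flag data that would not be inside the archive.

```shell
#!/bin/sh
# Added example: stop -> archive -> restart for compose projects whose
# persistent data is bind-mounted inside each project directory.
# Assumed layout (not from the comment): $STACK_ROOT/<project>/<compose file>.
STACK_ROOT="${STACK_ROOT:-$HOME/docker}"
BACKUP_DIR="${BACKUP_DIR:-$HOME/backups}"
DOCKER="${DOCKER:-docker}"      # overridable, e.g. DOCKER=echo for a dry run

# Print every project directory under $1 that holds a compose file.
list_projects() {
    for d in "$1"/*/; do
        for f in compose.yaml compose.yml docker-compose.yaml docker-compose.yml; do
            if [ -f "$d$f" ]; then printf '%s\n' "${d%/}"; break; fi
        done
    done
}

# Heuristic: print short-syntax volume entries whose source is a bare name
# (a Docker-managed volume) rather than a path starting with . / ~ or $.
# Such data lives outside the project directory and is not in the archive.
named_volume_refs() {
    grep -HnE '^[[:space:]]*-[[:space:]]*"?[A-Za-z0-9][A-Za-z0-9_.-]*:/' "$1"/*.y*ml 2>/dev/null
}

# Stop all projects, archive the whole tree, restart. Prints the archive path.
backup_all() {
    projects=$(list_projects "$STACK_ROOT")
    archive="$BACKUP_DIR/docker-$(date +%Y%m%d-%H%M%S).tar.gz"
    mkdir -p "$BACKUP_DIR" || return 1
    ok=0
    for p in $projects; do      # assumes no whitespace in project paths
        if named_volume_refs "$p" >&2; then
            echo "warning: $p uses named volumes (listed above)" >&2
        fi
        (cd "$p" && $DOCKER compose stop) >&2 || ok=1
    done
    # Archive only if every project stopped cleanly.
    if [ "$ok" -eq 0 ]; then
        tar -czf "$archive" -C "$(dirname "$STACK_ROOT")" "$(basename "$STACK_ROOT")" || ok=1
    fi
    for p in $projects; do      # restart even if the archive step failed
        (cd "$p" && $DOCKER compose start) >&2
    done
    [ "$ok" -eq 0 ] && printf '%s\n' "$archive"
    return "$ok"
}

if [ "${1:-}" = "--run" ]; then backup_all; fi
```

The script only acts when invoked with `--run`; a project that triggers the named-volume warning has data outside the archived tree.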

[–] suicidaleggroll@lemm.ee 2 points 3 months ago

I would separate the media and the Jellyfin image into different pools. Media would be a normal ZFS pool full of media files that gets mounted into any VM that needs it, like Jellyfin, sonarr, radarr, qbittorrent, etc. (preferably read-only mounted in Jellyfin if you’re going to expose Jellyfin to the internet).

[–] suicidaleggroll@lemm.ee 2 points 3 months ago (1 children)

> As far as networking, from what I could see the only real change casaos was doing was mapping its dashboard to port 80, but not much more. Is there anything more I should be aware of in general?

It depends on how you have things set up. If you’re just doing normal docker compose networking with port forwards then there shouldn’t be much to change, but if you’re doing anything more advanced like macvlan then you might have to set up taps on the host to be able to communicate with the container (not sure if CasaOS handles that automatically).
